CH
Authored
9 records found
Peering into the Darkness
The Use of UTRS in Combating DDoS Attacks
Remotely Triggered Black Hole (RTBH) is a common DDoS mitigation approach that has been in use for the last two decades. Usually, it is implemented close to the attack victim in networks sharing some type of physical connectivity. The Unwanted Traffic Removal Service (UTRS) proje
...
Alert Alchemy
SOC Workflows and Decisions in the Management of NIDS Rules
Signature-based network intrusion detection systems (NIDSs) and network intrusion prevention systems (NIPSs) remain at the heart of network defense, along with the rules that enable them to detect threats. These rules allow Security Operation Centers (SOCs) to properly defend a n
...
No Spring Chicken
Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis
The Internet of things (IoT) is composed of a wide variety of software and hardware components that inherently contain vulnerabilities. Previous research has shown that it takes only a few minutes from the moment an IoT device is connected to the Internet to the first infection a
...
Ruling the Rules
Quantifying the Evolution of Rulesets, Alerts and Incidents in Network Intrusion Detection
Notwithstanding the predicted demise of signature-based network monitoring, it is still part of the bedrock of security operations. Rulesets are fundamental to the efficacy of Network Intrusion Detection Systems (NIDS). Yet, they have rarely been studied in production environment
...
Intercept and Inject
DNS Response Manipulation in the Wild
DNS is a protocol responsible for translating human-readable domain names into IP addresses. Despite being essential for many Internet services to work properly, it is inherently vulnerable to manipulation. In November 2021, users from Mexico received bogus DNS responses when res
...
Lessons in Prevention and Cure
A User Study of Recovery from Flubot Smartphone Malware
The smishing-based malware Flubot was taken down in mid-2022, yet there is little understanding of how it directly impacted smartphone users. We engage with customers of a partner Internet Service Provider (ISP), who have suffered a Flubot infection on their smartphones. We surve
...
Difficult for Thee, But Not for Me
Measuring the Difficulty and User Experience of Remediating Persistent IoT Malware
Consumer IoT devices may suffer malware attacks, and be recruited into botnets or worse. There is evidence that generic advice to device owners to address IoT malware can be successful, but this does not account for emerging forms of persistent IoT malware. Less is known about pe
...
Bin there, target that
Analyzing the target selection of IoT vulnerabilities in malware binaries
For years, attackers have exploited vulnerabilities in Internet of Things (IoT) devices. Previous research has examined target selection in cybercrime, but there has been little investigation into the factors that influence target selection in attacks on IoT. This study aims to b
...
Pay the Piper
DDoS mitigation technique to deter financially-motivated attackers
Distributed Denial of Service attacks against the application layer (L7 DDoS) are among the most difficult attacks to defend against because they mimic normal user behavior. Some mitigation techniques against L7 DDoS, e.g., IP blacklisting and load balancing using a content deliv
...
Contributed
11 records found
Enabling Data Marketplaces with Multi-Party Computation (MPC)
An Exploratory Study investigating the Implication of the Maturation of Multi-Party Computation (MPC) technology to the Architecture and the Threat Landscape of the Data Marketplaces
The emergence of the Data Marketplaces is the latest iteration in the phenomenon of data-driven transformation of the world. Data marketplaces have emerged as a new form of data-driven business models which enable trading of data between the data owners/providers and data consume
...
The Root Cause of Data Breaches
Investigating security misconfigurations as the root cause of data breaches
In the past decade, the world has experienced numerous severe and impactful data breaches, without indications of this development slowing down. Even worse, research has shown data breaches are still waiting to happen. The occurrence of a data breach has consequences for several
...
Centralised DNS-based Malware Mitigation
Examining the adoption and efficacy of centralised DNS-based malware mitigation services
Malware presents a growing problem in a world that is increasingly connected to, and reliant on, the internet. The growing, devastating potential of cyber attacks such as DDoS attacks on society and economy is largely the result of a new class of devices, the Internet of Things (
...
Who is next?
Identifying characteristics of European banks that are key in influencing the target selection of banking malware.
The European financial sector is a frequent victim of banking malware leading to massive losses. It appears that not all customers’ banks are equally attractive targets among cybercriminals who deploy banking malware. This research established a comprehensive regression model exp
...
Creating a Configuration Security Layer for Embedded Devices
A research-based on the case study of a widely used Embedded Device
As software security expert Bruce Schneier argues, the pervasive vulnerability of embedded systems today is structurally similar to the security crisis of PCs in the mid-1990s—only much worse. Embedded devices are ideal malware targets for several reasons. Firstly, Internet-conne
...
Development of Injected Code Attacks in Online Banking Fraud Incidents
An exploratory study for understanding the evolution of code used by cyber criminals in financial malware
The frequency of online banking fraud incidents has increased over the last years. A method used by different cybercriminals is the injection of malicious code into the targeted web pages. For example, attackers might inject an additional piece of code into the webpage of a targeted
...
Investigating Target Selection and Financial Impact of Service Fraud
An empirical research into criminal activities on underground markets and their implications for businesses
A portion of the digital fraud occurring on the dark web comprises the illegal exchange of vouchers, coupons, and stolen accounts, defined in this research as service fraud. Despite its existence, this type of fraud had not been previously explored. This thesis employs a quantita
...
Uncovering the vulnerable
Exploring the issue of TCP reflective amplification in the network of an ISP
The rapid growth of internet-connected devices has led to a significant increase in the number of cyber attacks, resulting in security challenges related to IoT. Researchers have discovered a new attack technique that can be used for launching large DDoS attacks, which involves T
...
Privacy issues of mobile phone companies’ usage of Ultra-Wideband (UWB) technology
Analysing the use of UWB in mobile phones from a multi-actor perspective, magnifying privacy concerns and formulating guidelines
Ultra-Wideband (UWB) technology became unregulated within the EU in 2007. Most recently, it was integrated into mobile phones in 2019, notably Apple and Samsung adding it to all their newer models. While UWB is characterised as a radio technology with any signal above 500 MHz, it
...
SAVing the Internet
Measuring the adoption of Source Address Validation (SAV) by network providers
IP spoofing is the act of forging source IP addresses assigned to a host machine. Spoofing provides users the ability to hide their identity and impersonate another machine. Malicious users use spoofing to invoke a variety of attacks. Examples are Distributed Denial of Service (D
...
One thing after another
The role of users, manufacturers, and intermediaries in IoT security
In recent years the number of Internet-connected devices (aka Internet of Things (IoT)) has increased dramatically. IoT Manufacturers have launched into the market a variety of IoT products to make a profit, while users buy them for the convenience of the technology. Despite I
...